technology

“The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India’s most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India’s most trusted brands. In 2014 however, Times of India was ranked 174th among India’s most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory.” (en.Wikipedia.org)

(2) Vulnerability description:

The web application indiatimes.com online website has a security problem. Hacker can exploit it by XSS bugs.

The code flaw occurs at Indiatimes’s URL links. Indiatimes only filter part of the filenames in its website. All URLs under Indiatimes’s “photogallery” and “top-llists” topics are affected.

Indiatimes uses part of the links under “photogallery” and “top-llists” topics to construct its website content without any checking of those links at all. This mistake is very popular in nowaday websites. Developer is not security expert.

The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in Windows 7.

“Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.” (OWASP)

(3) Vulnerability Disclosure:

The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.

“If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468×60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.

“The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away.”

(2) Vulnerability Details:

Webshop hun web application has a security bug problem. It can be exploited by Information Leakage attacks. This may allow a remote attacker to disclose the software’s installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

(2.1) The code flaw occurs at “index.php?” page with “termid” parameter. Attackers can get information such the server software installation path, etc.

NetCat.ru is russian local company. “NetCat designed to create an absolute majority of the types of sites: from simple “business card” with a minimum content to complex web-based systems, from corporate offices to online stores, libraries or media data – in other words, projects completely different directions and at any level of complexity. View examples of sites running on NetCat CMS can be in a special section.”

“Manage the site on the basis of NetCat can even inexperienced user, because it does not require knowledge of Internet technologies, programming and markup languages. NetCat constantly improving, adds new features. In the process of finalizing necessarily take into account the wishes of our partners and clients, as well as trends in Internet development. More than 2,000 studios and private web developers have chosen for their projects is NetCat, and in 2013 sites, successfully working on our CMS, created more than 18,000.”

(2) Vulnerability Details:

NetCat web application has a security bug problem. It can be exploited by XSS (Cross-site Scripting) attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication”

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management.”

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A javascript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!”

(2) Vulnerability Details:

WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by “Unrestricted Upload of File” (Arbitrary File Uploading) attacks. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote or local host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host.

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication”

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management.”

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A javascript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!”

(2) Vulnerability Details:

WordPress Daily Edition Theme web application has a security bug problem. It can be exploited by SQL Injection attacks. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”

“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”

“Author: Scot Dalton

Additional author(s):

Institution: New York University

Year: 2009

License: BSD style

Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.

Link to terms: [Detailed license terms]”

(2) Vulnerability Details:

NYU Opensso Integration web application has a computer security bug problem. It can be exploited by Unvalidated Redirects and Forwards (URL Redirection) attacks. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker’s choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags.” It has published suggestions, advisories, solutions details related to website vulnerabilities.